Hi, Sorry for the newbie question, but i need some help.
Id like to create a full test environment, fully isolated from PROD.

Ive looked around and seen things for Labs, SureBackup, Replicas, DR etc, but im not sure how to do this.
So i thought Id ask for some pointers here.

Setup:
One domain and one child domain (root.site & child.root.site)
All user accounts are in child.root.site domain.
I want to create a Test Environment for our Payroll and Finance Applications (MS SQL Servers, Application Servers, Workstations for Access to Apps)
And obviously Active Directory as the Apps are all AD Authenticated.

As we are dealing with Core Financial Apps, this Test Environment needs to be completely isolated from PROD so there is no possibility of accidental postings to live.

Is there simple how-to's somewhere to be able to create this sort of environment?

Whats some of the gotcha's in this to get it to work?
Ive read often about AD being in DSRM and unable to authenticate as being a problem.

I recently started using SureBackups with the Virtual Lab (vSphere). It not only verifies that your backup is usable, but it also gives you an opportunity to test changes, patches, etc. It should be able to do everything you need, but it takes some time going through the documentation to get a good understanding of how it works.

DaveA -
Surebackups are meant to be temporary and are wholly dependent upon the Veeam Backup service running on your veeam server. If that service gets stopped/restarted, it will delete all of the surebackups currently running so if this is supposed to be an 'always on' environment, you don't want rely purely on SureBackup jobs. What I've found to be the best solution for us for long-term test environments is to configure the Virtual Lab, Application Group, and Surebackup settings so that all the pieces are there. Let Veeam create your Surebackup VM appliance (which acts as your router/firewall into your isolated environment) but don't actually power on the Surebackup inside Veeam. The VM proxy keeps things inside the isolated environment from talking to production. You will have to manually power on the VM proxy in vCenter/Hyper-V. You can then copy/clone existing production servers (or build all new servers) and attach their network adapters to this surebackup proxy VM. If you've done your network isolation settings properly on the Surebackup proxy VM, all of your isolated VM's will be able to talk to each other and you will have a NAT'd IP to be able to RDP from production into the isolated servers.

The biggest thing with a long-term testing environment like this is that you're going to get stale active directory information. For instance, if you clone a DC into the test environment, user's passwords are going to change. If User A resets their password in production, then at some point they're going to have to reset their password in test as well. You're also going to need to wait a little bit for the DC to fully initialize because it won't be able to connect to the other DC's in your domain and it will generate errors in your event logs. It has to give up trying to connect to the other DC's before it will fully come online.